Windows
Analysis Report
MSG.docx
Overview
General Information
Detection
Score: | 48 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w7x64
- WINWORD.EXE (PID: 1052 cmdline: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding MD5: 9EE74859D22DAE61F1750B3A1BACB6F5)
- chrome.exe (PID: 2768 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://pub-386b08e75b554ed78af5f51b01d7e1d8.r2.dev/linkofinformationtech.html#am9lc0BvYXBjLmNvbQ== MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)
- chrome.exe (PID: 3224 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1408 --field-trial-handle=1276,i,9089814840846958116,12399007445428580176,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)
- cleanup
Source: | Author: Nasreddine Bencherchali (Nextron Systems): |
AV Detection
- SlashNext: 1 entry
- HTTP Parser: 2 entries
- Directory created: 3 entries
- File opened: 1 entry
- IP Address: 3 entries
- File created: 1 entry
- HTTP traffic detected: 4 entries
- DNS traffic detected: 4 entries
- HTTP traffic detected: 1 entry
- String found in binary or memory: 4 entries
- Network traffic detected: 16 entries
- OLE stream indicators for Word, Excel, PowerPoint, and Visio: 1 entry
- Classification label: 1 entry
- File created: 3 entries
- OLE indicator, Word Document stream: 1 entry
- OLE document summary: 3 entries
- File read: 1 entry
- Process created: 18 entries
- LNK file: 1 entry
- Window detected: 1 entry
- Initial sample: 3 entries
- Key opened: 1 entry
- Directory created: 3 entries
- File opened: 1 entry
- Initial sample: 1 entry
- Process information set: 52 entries
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 3 Masquerading | OS Credential Dumping | 1 File and Directory Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 4 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 100% | SlashNext | Credential Stealing type: Phishing & Social Engineering | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
navipahat.in | 192.185.166.178 | true | false | | unknown |
pub-386b08e75b554ed78af5f51b01d7e1d8.r2.dev | 104.18.3.35 | true | false | | unknown |
challenges.cloudflare.com | 104.17.2.184 | true | false | | high |
www.google.com | 142.251.116.106 | true | false | | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| true | | unknown |
| false | | high |
| false | | unknown |
| false | | high |
| false | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | unknown |
| | false | | high |
| | false | | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
192.185.166.178 | navipahat.in | United States | | 46606 | UNIFIEDLAYER-AS-1US | false |
104.18.3.35 | pub-386b08e75b554ed78af5f51b01d7e1d8.r2.dev | United States | | 13335 | CLOUDFLARENETUS | false |
239.255.255.250 | unknown | Reserved | | unknown | unknown | false |
142.251.116.106 | www.google.com | United States | | 15169 | GOOGLEUS | false |
104.17.2.184 | challenges.cloudflare.com | United States | | 13335 | CLOUDFLARENETUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1432328 |
Start date and time: | 2024-04-26 21:25:20 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 12s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Number of new started processes analysed: | 6 |
Number of new started drivers analysed: | 4 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | MSG.docx |
Detection: | MAL |
Classification: | mal48.winDOCX@18/16@10/5 |
EGA Information: | Failed |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe, vga.dll, WMIADAP.exe
- Excluded IPs from analysis (whitelisted): 142.250.115.94, 142.250.114.102, 142.250.114.100, 142.250.114.101, 142.250.114.139, 142.250.114.113, 142.250.114.138, 142.250.113.84, 34.104.35.123
- Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, update.googleapis.com, clientservices.googleapis.com, clients.l.google.com
- HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- Not all processes were analyzed; the report is missing behavior information
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: MSG.docx
Source | URL |
---|---|
Screenshot | https://pub-386b08e75b554ed78af5f51b01d7e1d8.r2.dev/linkofinformationtech.html#am9lc0BvYXBjLmNvbQ== |
Match | Associated Samples | Detection | Threat Name |
---|---|---|---|
104.18.3.35 | 4 | malicious | HTMLPhisher ×3, Unknown ×1 |
239.255.255.250 | 10 | malicious | HTMLPhisher ×4, Unknown ×4, Captcha Phish ×1, TechSupportScam ×1 |
104.17.2.184 | 10 | malicious | HTMLPhisher ×4, HtmlDropper/HTMLPhisher ×4, Unknown ×2 |
Match | Associated Samples | Detection | Threat Name |
---|---|---|---|
challenges.cloudflare.com | 10 | malicious | HTMLPhisher ×4, HtmlDropper/HTMLPhisher ×3, Unknown ×3 |
Match | Associated Samples | Detection | Threat Name |
---|---|---|---|
UNIFIEDLAYER-AS-1US | 10 | malicious | AgentTesla ×3, AgentTesla/PureLog Stealer/RedLine ×1, AgentTesla/PureLog Stealer ×1, AgentTesla/GuLoader ×1, HTMLPhisher ×1, HtmlDropper/HTMLPhisher ×1, GRQ Scam ×1, Unknown ×1 |
CLOUDFLARENETUS | 10 | malicious | HTMLPhisher ×4, Unknown ×2, HtmlDropper/HTMLPhisher ×1, Captcha Phish ×1, TechSupportScam ×1, Latrodectus ×1 |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3B083CB6.png
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 456 |
Entropy (8bit): | 7.287712404075176 |
Encrypted: | false |
SSDEEP: | 12:6v/78DktD1pNAcfI+lnYjPU5pF6SmORIrtAZn:E7fICnYjyzK/E |
MD5: | 4D46489A6AB46C02EA0A7DE3818E456C |
SHA1: | 1C5CD1B65478994C5E607E5E7DF32644CE299C23 |
SHA-256: | 8E12104BE53F15870E532E721C6B5FEE99384CC46CC8D5B926725F22AB292507 |
SHA-512: | D2ABA6492F64DBF2F99EADEE3DDDBAB0A9F96ABF3BBF8C63A2B258AB7EC4A2B457F7A9BB5DB0B52706E8A9455388997433765DF0BEDC6ACA205BC836AA25D2E4 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\F694EF49.png
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1057 |
Entropy (8bit): | 7.6851406288304105 |
Encrypted: | false |
SSDEEP: | 24:Qb0EcwtZDFHs70yTIy9pEq0WVBtXVMDug3iLRciNe47zz:QIEFA7pdl3tFEWRRPz |
MD5: | ED9C9EB0DCE17D752BEDEA6B5ACDA6D9 |
SHA1: | ECA56C4904354EED5DA0DEBCD6BD66856AB4784D |
SHA-256: | F664B8138C2DA6EC7565500A7CC839DA6372614A31DC04C5A2169A26B8D9767C |
SHA-512: | 3BFB696318DDB93540140DBCD4DBB32F129441E46EE752C6B7379624488533BA27CC7EFF3CAE444C1797CA6EECDF333EDAF443AC84CDEB037A890967091CF91C |
Malicious: | false |
Reputation: | moderate, very likely benign file |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{89E871C7-A4A1-42CB-8C0A-A87B5A9E4683}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 2560 |
Entropy (8bit): | 1.4225547553671973 |
Encrypted: | false |
SSDEEP: | 12:rl3lTpFQDlOIfdt/4fdt/4CIW9E//4W9E//4CICICb77:rnOtoGXYX |
MD5: | 14F29D612A65B2AF4A76D974A746D0A7 |
SHA1: | 84A16B0A43586BCCB018B359BAA925948461E5CF |
SHA-256: | 10AD3E51F897B49A7FCE2F449C11954B2E07C45801DA6F05959FFA07FC1A4E9A |
SHA-512: | 2823AC5694852B328E3019575C725894DD1FA30B8DEAEC168D59ADE44757F2416B29CF6EC8575F64D3CDD306C1DB2B9A817AAF92466DAAA8967DC8995205230D |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{67B84FBD-E5CF-484E-8E16-CA82898FEABF}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 2418 |
Entropy (8bit): | 2.961207259429166 |
Encrypted: | false |
SSDEEP: | 48:UDor0cGkk3LsWapZK9jAWZvcbmd4HLyLRS7xyChURfM:UDoCH35i4WWcbXryB4 |
MD5: | D12F5AB5CC403072634BF51BB16FDDD1 |
SHA1: | F1260888949D32564B4DCB2F6FE7E9795E3759BF |
SHA-256: | 4F5E737E68454279C4C6589B87AFC4F55845ABA10A2B6CC843136B93D9EA3249 |
SHA-512: | 029C2C111EDA743F3CBC666A019E688E743F59E3FE494DC74DAA552B02E4BCC3E04CBE1E598A749B4758653A0D0E47D8EBFCD6EC2D415B0DB4972C514039959D |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{F6481146-C418-4192-8EA3-C130B10535CF}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1024 |
Entropy (8bit): | 0.05390218305374581 |
Encrypted: | false |
SSDEEP: | 3:ol3lYdn:4Wn |
MD5: | 5D4D94EE7E06BBB0AF9584119797B23A |
SHA1: | DBB111419C704F116EFA8E72471DD83E86E49677 |
SHA-256: | 4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1 |
SHA-512: | 95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4 |
Malicious: | false |
Reputation: | high, very likely benign file |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 663 |
Entropy (8bit): | 5.949125862393289 |
Encrypted: | false |
SSDEEP: | 12:PlrojAxh4bxdtT/CS3wkxWHMGBJg8E8gKVYQezuYEecp:trPsTTaWKbBCgVqSF |
MD5: | ED3C1C40B68BA4F40DB15529D5443DEC |
SHA1: | 831AF99BB64A04617E0A42EA898756F9E0E0BCCA |
SHA-256: | 039FE79B74E6D3D561E32D4AF570E6CA70DB6BB3718395BE2BF278B9E601279A |
SHA-512: | C7B765B9AFBB9810B6674DBC5C5064ED96A2682E78D5DFFAB384D81EDBC77D01E0004F230D4207F2B7D89CEE9008D79D5FBADC5CB486DA4BC43293B7AA878041 |
Malicious: | false |
Reputation: | high, very likely benign file |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 980 |
Entropy (8bit): | 4.501594094275527 |
Encrypted: | false |
SSDEEP: | 12:8ICJ5C1gXg/XAlCPCHaXKBn/mgB/qPX+WmxsNXPsicvb1F1fjmNDtZ3YilMMEpxL:8k/XT6L4YxgneNbCDv3qkk7N |
MD5: | 677A5602C5713E2F14FB1F991F74DE45 |
SHA1: | 07B9F4C9216F1D4B8F50C3755CBB03AFE241F81D |
SHA-256: | DC7047605867EFD56E383110B3E285C93792C1D80F01B165F657658E2AF5482A |
SHA-512: | 73AFC16153982CF7E4ECB4ABD6A715B12D5670E8E995CC99DCA7B66279C9DC9E7595A9356AACA1BB1E7B5522FF0996C0CBF6E23718D61E4B2F74B9C900AF9E86 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 41 |
Entropy (8bit): | 4.381942248520523 |
Encrypted: | false |
SSDEEP: | 3:HjvrFom4DidrFov:Hjv5nd5y |
MD5: | 12F3BBEB79DE6F44C4921B0714FE7701 |
SHA1: | A57C07EA5674CDCCB4CA69E85D5813EE77F7716E |
SHA-256: | CC1E43AB57B09CD39EAEF3EF0AA3D133EDEF14BBFC383BDF0DEBF2FB8DF98F9F |
SHA-512: | C5FFCA85CA88FBB0DC33155ACC4DA98ED2C3EDCEAC7959D900772BE887A7189B431E438FEACDA375E0A76C5862B27F605CA9E34D42BD30D4148C87F9B2851B12 |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.5038355507075254 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyNyB9Kyz2FWWtGLHV/ln:vdsCkWtC5+dl |
MD5: | 954EBA139F03B75841570D5E6E9B72D9 |
SHA1: | 326ABC7B177953C72FF5B4E4272ACEF006B315D8 |
SHA-256: | 1A543E58BA34C93358B12239CB6793B7A888A6EC4DFA36C3173B4FE3CFCB2D48 |
SHA-512: | 4FD91AFA5289AEF3315F31D1033500AEF06570F0E8EAD218AB9FC1C4DAA60F92779E7A340D9DB024DFA0ABC9F7E36F54A8F65079CB2554493133CB675D12C9CE |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.5038355507075254 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyNyB9Kyz2FWWtGLHV/ln:vdsCkWtC5+dl |
MD5: | 954EBA139F03B75841570D5E6E9B72D9 |
SHA1: | 326ABC7B177953C72FF5B4E4272ACEF006B315D8 |
SHA-256: | 1A543E58BA34C93358B12239CB6793B7A888A6EC4DFA36C3173B4FE3CFCB2D48 |
SHA-512: | 4FD91AFA5289AEF3315F31D1033500AEF06570F0E8EAD218AB9FC1C4DAA60F92779E7A340D9DB024DFA0ABC9F7E36F54A8F65079CB2554493133CB675D12C9CE |
Malicious: | false |
Process: | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 696 |
Entropy (8bit): | 5.386219842867898 |
Encrypted: | false |
SSDEEP: | 12:kx2REXy7iLHskwGWLyPvKNGexV/mgKpOo7DzBkCuoerpeJ/T9JgZT6NR/fj8eG:kcACMWLyXKVV/qhFuJklgZiR/tG |
MD5: | 64047B71522B087135B5249307CE1D66 |
SHA1: | E5D9CBBD01B12D1A4025E8F11F323592F51B40B9 |
SHA-256: | 5AA14784640F043FCD2DADB457194065C2314DC8E4B75C432B0EF7409A110691 |
SHA-512: | 0968B0C7F13D5535CE5EBDDE2A8123BBD9E2B4D495F0F75DABEE8566A40513F2C75632BAAC201422159B40DCCD3A4CCBA58F424A901D0A5FE95BD71443C703A2 |
Malicious: | false |
URL: | https://pub-386b08e75b554ed78af5f51b01d7e1d8.r2.dev/linkofinformationtech.html |
Process: | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 27242 |
Entropy (8bit): | 4.3631679730758375 |
Encrypted: | false |
SSDEEP: | 384:6FamwIluB0sJQqCeSQup5szCUXAG0VVi82OgoKACZQQofNJXY3gW3:663Mp5If8WOmgW3 |
MD5: | DF3D48946E8D3F5A83608308EDBB4B86 |
SHA1: | 47B9C40C97ABF2658DF96B1C06109324E15E1A00 |
SHA-256: | 570A6631252B8A52DF4DE0E953AE77DBDF524DFC3637CDA2840494A0D2B49499 |
SHA-512: | 36EC1CEC72DC3245730C813277C645525473CC5232E85CD23503B8593D90264F335E61A16D364A1E6C41922820B40BA7C0F46B19F4B91DB6A0CF5E31E778DDEA |
Malicious: | false |
URL: | https://pub-386b08e75b554ed78af5f51b01d7e1d8.r2.dev/favicon.ico |
Process: | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 42415 |
Entropy (8bit): | 5.374174676958316 |
Encrypted: | false |
SSDEEP: | 768:JC9//LuIHdpbSt3JoVMjX1y48S7d1dxoqmNdKyBVnPNAZASyXY1eO4mH19B59:OuIHdpbSt3vFy4X4PNdN+9 |
MD5: | F94A2211CE789A95A7C67E8C660D63E8 |
SHA1: | F1FC19B6BCB96D0A905BF3192AAFF0885FF9F36F |
SHA-256: | 926DC3302F99EC05E4206E965DDEB7250F5910A8C38E82C7BEAFB724BBAAF37B |
SHA-512: | EAC0FC89C2D6CCEB9F4C18DFC610DFF8BC194D3994F0C74B3D991F8423C6DADE11D805E76124596521C58AFA9939B45D2D3157F0A48626E12548020FC38364D3 |
Malicious: | false |
URL: | https://challenges.cloudflare.com/turnstile/v0/b/471dc2adc340/api.js?onload=onloadTurnstileCallback |
File type: | |
Entropy (8bit): | 7.828314037415514 |
TrID: | |
File name: | MSG.docx |
File size: | 14'129 bytes |
MD5: | 80a08672a3ea9cb9b3bf2eb7eef46058 |
SHA1: | 4e105a2c1d4aac7927a0d54422654fc2c481fb5f |
SHA256: | 797051ff4e6ab6de818abdc5a13151c76f25b529f9f4da90013d0a3d4e6685df |
SHA512: | 5158d744ad6be129d0fd2fb71dfb374c174e8e2b78c4e63fc88842dd75e4aecf7795c2562956833cadc8496760f356fc256ccf2ca9e0b8a119dabfbba73153c1 |
SSDEEP: | 384:23d84vLSUxWgQyF+0ZH09jQNoSyHwq58TghrCGHvH9:wpx/QWt09SyQBUQQvd |
TLSH: | 8952AE55EA2B0738F30A4EF1A054F4BADD6B90BAD64BE50B5A9153F44EB09C07133BA4 |
File Content Preview: | PK...........X.O..............[Content_Types].xml...N.0.._e..a.b.1..*.7j">@i..q.i.3...l....P.f.z......lr.n.d.!.t.t.....Bm.j..,....z6Y|x....8M.D.J...`e....J..J....^.W..1../.BG.h@.#.Mn!.eA..;/7.<.&7M_%5M...Q..,...q0@.;&7N...|Y.x...k..Y..j..o...F.FUZ..p....A |
Icon Hash: | 65e6a3a3afb7bdbf |
Document Type: | OpenXML |
Number of OLE Files: | 1 |
Has Summary Info: | |
Application Name: | |
Encrypted Document: | False |
Contains Word Document Stream: | True |
Contains Workbook/Book Stream: | False |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | False |
Flash Objects Count: | 0 |
Contains VBA Macros: | False |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 26, 2024 21:26:31.889942884 CEST | 49169 | 443 | 192.168.2.22 | 104.17.2.184 |
Apr 26, 2024 21:26:31.889956951 CEST | 443 | 49169 | 104.17.2.184 | 192.168.2.22 |
Apr 26, 2024 21:26:31.890408993 CEST | 443 | 49169 | 104.17.2.184 | 192.168.2.22 |
Apr 26, 2024 21:26:31.890882015 CEST | 49169 | 443 | 192.168.2.22 | 104.17.2.184 |
Apr 26, 2024 21:26:31.890957117 CEST | 443 | 49169 | 104.17.2.184 | 192.168.2.22 |
Apr 26, 2024 21:26:31.891058922 CEST | 49169 | 443 | 192.168.2.22 | 104.17.2.184 |
Apr 26, 2024 21:26:31.936125040 CEST | 443 | 49169 | 104.17.2.184 | 192.168.2.22 |
Apr 26, 2024 21:26:31.972023964 CEST | 49168 | 443 | 192.168.2.22 | 142.251.116.106 |
Apr 26, 2024 21:26:32.095918894 CEST | 49169 | 443 | 192.168.2.22 | 104.17.2.184 |
Apr 26, 2024 21:26:32.230335951 CEST | 443 | 49169 | 104.17.2.184 | 192.168.2.22 |
Apr 26, 2024 21:26:32.230457067 CEST | 443 | 49169 | 104.17.2.184 | 192.168.2.22 |
Apr 26, 2024 21:26:32.230564117 CEST | 443 | 49169 | 104.17.2.184 | 192.168.2.22 |
Apr 26, 2024 21:26:32.230612040 CEST | 49169 | 443 | 192.168.2.22 | 104.17.2.184 |
Apr 26, 2024 21:26:32.230629921 CEST | 443 | 49169 | 104.17.2.184 | 192.168.2.22 |
Apr 26, 2024 21:26:32.230736017 CEST | 443 | 49169 | 104.17.2.184 | 192.168.2.22 |
Apr 26, 2024 21:26:32.230779886 CEST | 49169 | 443 | 192.168.2.22 | 104.17.2.184 |
Apr 26, 2024 21:26:32.230784893 CEST | 443 | 49169 | 104.17.2.184 | 192.168.2.22 |
Apr 26, 2024 21:26:32.230886936 CEST | 443 | 49169 | 104.17.2.184 | 192.168.2.22 |
Apr 26, 2024 21:26:32.230936050 CEST | 49169 | 443 | 192.168.2.22 | 104.17.2.184 |
Apr 26, 2024 21:26:32.230941057 CEST | 443 | 49169 | 104.17.2.184 | 192.168.2.22 |
Apr 26, 2024 21:26:32.231074095 CEST | 443 | 49169 | 104.17.2.184 | 192.168.2.22 |
Apr 26, 2024 21:26:32.231117964 CEST | 49169 | 443 | 192.168.2.22 | 104.17.2.184 |
Apr 26, 2024 21:26:32.231122017 CEST | 443 | 49169 | 104.17.2.184 | 192.168.2.22 |
Apr 26, 2024 21:26:32.231573105 CEST | 443 | 49169 | 104.17.2.184 | 192.168.2.22 |
Apr 26, 2024 21:26:32.231617928 CEST | 49169 | 443 | 192.168.2.22 | 104.17.2.184 |
Apr 26, 2024 21:26:32.231622934 CEST | 443 | 49169 | 104.17.2.184 | 192.168.2.22 |
Apr 26, 2024 21:26:32.231724977 CEST | 443 | 49169 | 104.17.2.184 | 192.168.2.22 |
Apr 26, 2024 21:26:32.231827974 CEST | 443 | 49169 | 104.17.2.184 | 192.168.2.22 |
Apr 26, 2024 21:26:32.231879950 CEST | 49169 | 443 | 192.168.2.22 | 104.17.2.184 |
Apr 26, 2024 21:26:32.231884956 CEST | 443 | 49169 | 104.17.2.184 | 192.168.2.22 |
Apr 26, 2024 21:26:32.232482910 CEST | 443 | 49169 | 104.17.2.184 | 192.168.2.22 |
Apr 26, 2024 21:26:32.232563019 CEST | 443 | 49169 | 104.17.2.184 | 192.168.2.22 |
Apr 26, 2024 21:26:32.232604980 CEST | 49169 | 443 | 192.168.2.22 | 104.17.2.184 |
Apr 26, 2024 21:26:32.232609987 CEST | 443 | 49169 | 104.17.2.184 | 192.168.2.22 |
Apr 26, 2024 21:26:32.232707977 CEST | 443 | 49169 | 104.17.2.184 | 192.168.2.22 |
Apr 26, 2024 21:26:32.233428001 CEST | 443 | 49169 | 104.17.2.184 | 192.168.2.22 |
Apr 26, 2024 21:26:32.233475924 CEST | 49169 | 443 | 192.168.2.22 | 104.17.2.184 |
Apr 26, 2024 21:26:32.233480930 CEST | 443 | 49169 | 104.17.2.184 | 192.168.2.22 |
Apr 26, 2024 21:26:32.233576059 CEST | 443 | 49169 | 104.17.2.184 | 192.168.2.22 |
Apr 26, 2024 21:26:32.233625889 CEST | 49169 | 443 | 192.168.2.22 | 104.17.2.184 |
Apr 26, 2024 21:26:32.233630896 CEST | 443 | 49169 | 104.17.2.184 | 192.168.2.22 |
Apr 26, 2024 21:26:32.234321117 CEST | 443 | 49169 | 104.17.2.184 | 192.168.2.22 |
Apr 26, 2024 21:26:32.234402895 CEST | 443 | 49169 | 104.17.2.184 | 192.168.2.22 |
Apr 26, 2024 21:26:32.234452009 CEST | 49169 | 443 | 192.168.2.22 | 104.17.2.184 |
Apr 26, 2024 21:26:32.234458923 CEST | 443 | 49169 | 104.17.2.184 | 192.168.2.22 |
Apr 26, 2024 21:26:32.234554052 CEST | 443 | 49169 | 104.17.2.184 | 192.168.2.22 |
Apr 26, 2024 21:26:32.234632969 CEST | 443 | 49169 | 104.17.2.184 | 192.168.2.22 |
Apr 26, 2024 21:26:32.234678984 CEST | 49169 | 443 | 192.168.2.22 | 104.17.2.184 |
Apr 26, 2024 21:26:32.234683990 CEST | 443 | 49169 | 104.17.2.184 | 192.168.2.22 |
Apr 26, 2024 21:26:32.235253096 CEST | 443 | 49169 | 104.17.2.184 | 192.168.2.22 |
Apr 26, 2024 21:26:32.235328913 CEST | 443 | 49169 | 104.17.2.184 | 192.168.2.22 |
Apr 26, 2024 21:26:32.235378027 CEST | 49169 | 443 | 192.168.2.22 | 104.17.2.184 |
Apr 26, 2024 21:26:32.235383034 CEST | 443 | 49169 | 104.17.2.184 | 192.168.2.22 |
Apr 26, 2024 21:26:32.235527039 CEST | 443 | 49169 | 104.17.2.184 | 192.168.2.22 |
Apr 26, 2024 21:26:32.237731934 CEST | 49169 | 443 | 192.168.2.22 | 104.17.2.184 |
Apr 26, 2024 21:26:32.334640980 CEST | 49169 | 443 | 192.168.2.22 | 104.17.2.184 |
Apr 26, 2024 21:26:33.264110088 CEST | 49169 | 443 | 192.168.2.22 | 104.17.2.184 |
Apr 26, 2024 21:26:33.264136076 CEST | 443 | 49169 | 104.17.2.184 | 192.168.2.22 |
Apr 26, 2024 21:26:41.577522039 CEST | 443 | 49168 | 142.251.116.106 | 192.168.2.22 |
Apr 26, 2024 21:26:41.577594042 CEST | 443 | 49168 | 142.251.116.106 | 192.168.2.22 |
Apr 26, 2024 21:26:41.577657938 CEST | 49168 | 443 | 192.168.2.22 | 142.251.116.106 |
Apr 26, 2024 21:26:43.609893084 CEST | 49168 | 443 | 192.168.2.22 | 142.251.116.106 |
Apr 26, 2024 21:26:43.609930992 CEST | 443 | 49168 | 142.251.116.106 | 192.168.2.22 |
Apr 26, 2024 21:26:45.201637983 CEST | 443 | 49165 | 104.18.3.35 | 192.168.2.22 |
Apr 26, 2024 21:26:45.201711893 CEST | 443 | 49165 | 104.18.3.35 | 192.168.2.22 |
Apr 26, 2024 21:26:45.201865911 CEST | 49165 | 443 | 192.168.2.22 | 104.18.3.35 |
Apr 26, 2024 21:26:46.027129889 CEST | 49165 | 443 | 192.168.2.22 | 104.18.3.35 |
Apr 26, 2024 21:26:46.027153969 CEST | 443 | 49165 | 104.18.3.35 | 192.168.2.22 |
Apr 26, 2024 21:27:01.217766047 CEST | 49167 | 443 | 192.168.2.22 | 192.185.166.178 |
Apr 26, 2024 21:27:01.260149002 CEST | 443 | 49167 | 192.185.166.178 | 192.168.2.22 |
Apr 26, 2024 21:27:01.356820107 CEST | 49171 | 443 | 192.168.2.22 | 104.18.3.35 |
Apr 26, 2024 21:27:01.356864929 CEST | 443 | 49171 | 104.18.3.35 | 192.168.2.22 |
Apr 26, 2024 21:27:01.356931925 CEST | 49171 | 443 | 192.168.2.22 | 104.18.3.35 |
Apr 26, 2024 21:27:01.359674931 CEST | 49171 | 443 | 192.168.2.22 | 104.18.3.35 |
Apr 26, 2024 21:27:01.359687090 CEST | 443 | 49171 | 104.18.3.35 | 192.168.2.22 |
Apr 26, 2024 21:27:01.617561102 CEST | 443 | 49171 | 104.18.3.35 | 192.168.2.22 |
Apr 26, 2024 21:27:01.617897987 CEST | 49171 | 443 | 192.168.2.22 | 104.18.3.35 |
Apr 26, 2024 21:27:01.617921114 CEST | 443 | 49171 | 104.18.3.35 | 192.168.2.22 |
Apr 26, 2024 21:27:01.618379116 CEST | 443 | 49171 | 104.18.3.35 | 192.168.2.22 |
Apr 26, 2024 21:27:01.619702101 CEST | 49171 | 443 | 192.168.2.22 | 104.18.3.35 |
Apr 26, 2024 21:27:01.619788885 CEST | 443 | 49171 | 104.18.3.35 | 192.168.2.22 |
Apr 26, 2024 21:27:01.619992971 CEST | 49171 | 443 | 192.168.2.22 | 104.18.3.35 |
Apr 26, 2024 21:27:01.664118052 CEST | 443 | 49171 | 104.18.3.35 | 192.168.2.22 |
Apr 26, 2024 21:27:02.134155989 CEST | 443 | 49171 | 104.18.3.35 | 192.168.2.22 |
Apr 26, 2024 21:27:02.134308100 CEST | 443 | 49171 | 104.18.3.35 | 192.168.2.22 |
Apr 26, 2024 21:27:02.134349108 CEST | 49171 | 443 | 192.168.2.22 | 104.18.3.35 |
Apr 26, 2024 21:27:02.134362936 CEST | 443 | 49171 | 104.18.3.35 | 192.168.2.22 |
Apr 26, 2024 21:27:02.134506941 CEST | 443 | 49171 | 104.18.3.35 | 192.168.2.22 |
Apr 26, 2024 21:27:02.134546041 CEST | 49171 | 443 | 192.168.2.22 | 104.18.3.35 |
Apr 26, 2024 21:27:02.134556055 CEST | 443 | 49171 | 104.18.3.35 | 192.168.2.22 |
Apr 26, 2024 21:27:02.134707928 CEST | 443 | 49171 | 104.18.3.35 | 192.168.2.22 |
Apr 26, 2024 21:27:02.134749889 CEST | 49171 | 443 | 192.168.2.22 | 104.18.3.35 |
Apr 26, 2024 21:27:02.134754896 CEST | 443 | 49171 | 104.18.3.35 | 192.168.2.22 |
Apr 26, 2024 21:27:02.134896994 CEST | 443 | 49171 | 104.18.3.35 | 192.168.2.22 |
Apr 26, 2024 21:27:02.134937048 CEST | 49171 | 443 | 192.168.2.22 | 104.18.3.35 |
Apr 26, 2024 21:27:02.134942055 CEST | 443 | 49171 | 104.18.3.35 | 192.168.2.22 |
Apr 26, 2024 21:27:02.135086060 CEST | 443 | 49171 | 104.18.3.35 | 192.168.2.22 |
Apr 26, 2024 21:27:02.135129929 CEST | 49171 | 443 | 192.168.2.22 | 104.18.3.35 |
Apr 26, 2024 21:27:02.135134935 CEST | 443 | 49171 | 104.18.3.35 | 192.168.2.22 |
Apr 26, 2024 21:27:02.135325909 CEST | 443 | 49171 | 104.18.3.35 | 192.168.2.22 |
Apr 26, 2024 21:27:02.135366917 CEST | 49171 | 443 | 192.168.2.22 | 104.18.3.35 |
Apr 26, 2024 21:27:02.135370970 CEST | 443 | 49171 | 104.18.3.35 | 192.168.2.22 |
Apr 26, 2024 21:27:02.135502100 CEST | 443 | 49171 | 104.18.3.35 | 192.168.2.22 |
Apr 26, 2024 21:27:02.135545015 CEST | 49171 | 443 | 192.168.2.22 | 104.18.3.35 |
Apr 26, 2024 21:27:02.135550022 CEST | 443 | 49171 | 104.18.3.35 | 192.168.2.22 |
Apr 26, 2024 21:27:02.136040926 CEST | 443 | 49171 | 104.18.3.35 | 192.168.2.22 |
Apr 26, 2024 21:27:02.136079073 CEST | 49171 | 443 | 192.168.2.22 | 104.18.3.35 |
Apr 26, 2024 21:27:02.136082888 CEST | 443 | 49171 | 104.18.3.35 | 192.168.2.22 |
Apr 26, 2024 21:27:02.136424065 CEST | 443 | 49171 | 104.18.3.35 | 192.168.2.22 |
Apr 26, 2024 21:27:02.136465073 CEST | 49171 | 443 | 192.168.2.22 | 104.18.3.35 |
Apr 26, 2024 21:27:02.136470079 CEST | 443 | 49171 | 104.18.3.35 | 192.168.2.22 |
Apr 26, 2024 21:27:02.136785984 CEST | 443 | 49171 | 104.18.3.35 | 192.168.2.22 |
Apr 26, 2024 21:27:02.136831045 CEST | 49171 | 443 | 192.168.2.22 | 104.18.3.35 |
Apr 26, 2024 21:27:02.136835098 CEST | 443 | 49171 | 104.18.3.35 | 192.168.2.22 |
Apr 26, 2024 21:27:02.137020111 CEST | 443 | 49171 | 104.18.3.35 | 192.168.2.22 |
Apr 26, 2024 21:27:02.137063980 CEST | 49171 | 443 | 192.168.2.22 | 104.18.3.35 |
Apr 26, 2024 21:27:02.137104988 CEST | 49171 | 443 | 192.168.2.22 | 104.18.3.35 |
Apr 26, 2024 21:27:02.137116909 CEST | 443 | 49171 | 104.18.3.35 | 192.168.2.22 |
Apr 26, 2024 21:27:31.130048037 CEST | 49173 | 443 | 192.168.2.22 | 142.251.116.106 |
Apr 26, 2024 21:27:31.130114079 CEST | 443 | 49173 | 142.251.116.106 | 192.168.2.22 |
Apr 26, 2024 21:27:31.130182981 CEST | 49173 | 443 | 192.168.2.22 | 142.251.116.106 |
Apr 26, 2024 21:27:31.130445957 CEST | 49173 | 443 | 192.168.2.22 | 142.251.116.106 |
Apr 26, 2024 21:27:31.130481005 CEST | 443 | 49173 | 142.251.116.106 | 192.168.2.22 |
Apr 26, 2024 21:27:31.459161997 CEST | 443 | 49173 | 142.251.116.106 | 192.168.2.22 |
Apr 26, 2024 21:27:31.462049961 CEST | 49173 | 443 | 192.168.2.22 | 142.251.116.106 |
Apr 26, 2024 21:27:31.462084055 CEST | 443 | 49173 | 142.251.116.106 | 192.168.2.22 |
Apr 26, 2024 21:27:31.463201046 CEST | 443 | 49173 | 142.251.116.106 | 192.168.2.22 |
Apr 26, 2024 21:27:31.464308023 CEST | 49173 | 443 | 192.168.2.22 | 142.251.116.106 |
Apr 26, 2024 21:27:31.464512110 CEST | 443 | 49173 | 142.251.116.106 | 192.168.2.22 |
Apr 26, 2024 21:27:31.661164999 CEST | 49173 | 443 | 192.168.2.22 | 142.251.116.106 |
Apr 26, 2024 21:27:41.454111099 CEST | 443 | 49173 | 142.251.116.106 | 192.168.2.22 |
Apr 26, 2024 21:27:41.454273939 CEST | 443 | 49173 | 142.251.116.106 | 192.168.2.22 |
Apr 26, 2024 21:27:41.454339981 CEST | 49173 | 443 | 192.168.2.22 | 142.251.116.106 |
Apr 26, 2024 21:27:41.524945974 CEST | 49173 | 443 | 192.168.2.22 | 142.251.116.106 |
Apr 26, 2024 21:27:41.524966002 CEST | 443 | 49173 | 142.251.116.106 | 192.168.2.22 |
Apr 26, 2024 21:27:46.269037008 CEST | 49167 | 443 | 192.168.2.22 | 192.185.166.178 |
Apr 26, 2024 21:27:46.269082069 CEST | 443 | 49167 | 192.185.166.178 | 192.168.2.22 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 26, 2024 21:26:27.251012087 CEST | 52917 | 53 | 192.168.2.22 | 8.8.8.8 |
Apr 26, 2024 21:26:27.251951933 CEST | 62751 | 53 | 192.168.2.22 | 8.8.8.8 |
Apr 26, 2024 21:26:27.449240923 CEST | 53 | 62751 | 8.8.8.8 | 192.168.2.22 |
Apr 26, 2024 21:26:27.451664925 CEST | 53 | 52917 | 8.8.8.8 | 192.168.2.22 |
Apr 26, 2024 21:26:29.094702959 CEST | 57893 | 53 | 192.168.2.22 | 8.8.8.8 |
Apr 26, 2024 21:26:29.279450893 CEST | 54821 | 53 | 192.168.2.22 | 8.8.8.8 |
Apr 26, 2024 21:26:29.281552076 CEST | 53 | 57893 | 8.8.8.8 | 192.168.2.22 |
Apr 26, 2024 21:26:29.457019091 CEST | 53 | 54821 | 8.8.8.8 | 192.168.2.22 |
Apr 26, 2024 21:26:29.582500935 CEST | 53 | 54998 | 8.8.8.8 | 192.168.2.22 |
Apr 26, 2024 21:26:29.839504957 CEST | 53 | 62672 | 8.8.8.8 | 192.168.2.22 |
Apr 26, 2024 21:26:30.884953022 CEST | 49384 | 53 | 192.168.2.22 | 8.8.8.8 |
Apr 26, 2024 21:26:30.886935949 CEST | 54842 | 53 | 192.168.2.22 | 8.8.8.8 |
Apr 26, 2024 21:26:30.888670921 CEST | 58105 | 53 | 192.168.2.22 | 8.8.8.8 |
Apr 26, 2024 21:26:30.888947010 CEST | 64928 | 53 | 192.168.2.22 | 8.8.8.8 |
Apr 26, 2024 21:26:31.058222055 CEST | 54261 | 53 | 192.168.2.22 | 8.8.8.8 |
Apr 26, 2024 21:26:31.058222055 CEST | 60507 | 53 | 192.168.2.22 | 8.8.8.8 |
Apr 26, 2024 21:26:31.072228909 CEST | 53 | 49384 | 8.8.8.8 | 192.168.2.22 |
Apr 26, 2024 21:26:31.073106050 CEST | 53 | 54842 | 8.8.8.8 | 192.168.2.22 |
Apr 26, 2024 21:26:31.107278109 CEST | 53 | 64928 | 8.8.8.8 | 192.168.2.22 |
Apr 26, 2024 21:26:31.117854118 CEST | 53 | 58105 | 8.8.8.8 | 192.168.2.22 |
Apr 26, 2024 21:26:31.233243942 CEST | 53 | 54261 | 8.8.8.8 | 192.168.2.22 |
Apr 26, 2024 21:26:31.237003088 CEST | 53 | 58095 | 8.8.8.8 | 192.168.2.22 |
Apr 26, 2024 21:26:31.238696098 CEST | 53 | 60507 | 8.8.8.8 | 192.168.2.22 |
Apr 26, 2024 21:26:52.004587889 CEST | 53 | 59447 | 8.8.8.8 | 192.168.2.22 |
Apr 26, 2024 21:27:02.170129061 CEST | 53 | 64687 | 8.8.8.8 | 192.168.2.22 |
Apr 26, 2024 21:27:16.133250952 CEST | 53 | 49949 | 8.8.8.8 | 192.168.2.22 |
Apr 26, 2024 21:27:26.912178993 CEST | 53 | 49226 | 8.8.8.8 | 192.168.2.22 |
Apr 26, 2024 21:27:38.223586082 CEST | 53 | 53031 | 8.8.8.8 | 192.168.2.22 |
Timestamp | Source IP | Dest IP | Checksum | Code | Type |
---|---|---|---|---|---|
Apr 26, 2024 21:26:29.457194090 CEST | 192.168.2.22 | 8.8.8.8 | d061 | (Port unreachable) | Destination Unreachable |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 26, 2024 21:26:27.251012087 CEST | 192.168.2.22 | 8.8.8.8 | 0x181d | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 21:26:27.251951933 CEST | 192.168.2.22 | 8.8.8.8 | 0xd6c2 | Standard query (0) | | 65 | IN (0x0001) | false |
Apr 26, 2024 21:26:29.094702959 CEST | 192.168.2.22 | 8.8.8.8 | 0x8576 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 21:26:29.279450893 CEST | 192.168.2.22 | 8.8.8.8 | 0xf95d | Standard query (0) | | 65 | IN (0x0001) | false |
Apr 26, 2024 21:26:30.884953022 CEST | 192.168.2.22 | 8.8.8.8 | 0x80f5 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 21:26:30.886935949 CEST | 192.168.2.22 | 8.8.8.8 | 0x8b42 | Standard query (0) | | 65 | IN (0x0001) | false |
Apr 26, 2024 21:26:30.888670921 CEST | 192.168.2.22 | 8.8.8.8 | 0xd014 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 21:26:30.888947010 CEST | 192.168.2.22 | 8.8.8.8 | 0xec0a | Standard query (0) | | 65 | IN (0x0001) | false |
Apr 26, 2024 21:26:31.058222055 CEST | 192.168.2.22 | 8.8.8.8 | 0xba62 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 21:26:31.058222055 CEST | 192.168.2.22 | 8.8.8.8 | 0x1be2 | Standard query (0) | | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 26, 2024 21:26:27.451664925 CEST | 8.8.8.8 | 192.168.2.22 | 0x181d | No error (0) | | | 104.18.3.35 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 21:26:27.451664925 CEST | 8.8.8.8 | 192.168.2.22 | 0x181d | No error (0) | | | 104.18.2.35 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 21:26:29.281552076 CEST | 8.8.8.8 | 192.168.2.22 | 0x8576 | No error (0) | | | 104.18.3.35 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 21:26:29.281552076 CEST | 8.8.8.8 | 192.168.2.22 | 0x8576 | No error (0) | | | 104.18.2.35 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 21:26:31.072228909 CEST | 8.8.8.8 | 192.168.2.22 | 0x80f5 | No error (0) | | | 104.17.2.184 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 21:26:31.072228909 CEST | 8.8.8.8 | 192.168.2.22 | 0x80f5 | No error (0) | | | 104.17.3.184 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 21:26:31.073106050 CEST | 8.8.8.8 | 192.168.2.22 | 0x8b42 | No error (0) | | | | 65 | IN (0x0001) | false |
Apr 26, 2024 21:26:31.117854118 CEST | 8.8.8.8 | 192.168.2.22 | 0xd014 | No error (0) | | | 192.185.166.178 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 21:26:31.233243942 CEST | 8.8.8.8 | 192.168.2.22 | 0xba62 | No error (0) | | | 142.251.116.106 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 21:26:31.233243942 CEST | 8.8.8.8 | 192.168.2.22 | 0xba62 | No error (0) | | | 142.251.116.103 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 21:26:31.233243942 CEST | 8.8.8.8 | 192.168.2.22 | 0xba62 | No error (0) | | | 142.251.116.105 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 21:26:31.233243942 CEST | 8.8.8.8 | 192.168.2.22 | 0xba62 | No error (0) | | | 142.251.116.147 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 21:26:31.233243942 CEST | 8.8.8.8 | 192.168.2.22 | 0xba62 | No error (0) | | | 142.251.116.99 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 21:26:31.233243942 CEST | 8.8.8.8 | 192.168.2.22 | 0xba62 | No error (0) | | | 142.251.116.104 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 21:26:31.238696098 CEST | 8.8.8.8 | 192.168.2.22 | 0x1be2 | No error (0) | | | | 65 | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.22 | 49161 | 104.18.3.35 | 443 | 3224 | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 19:26:29 UTC | 713 | OUT | |
2024-04-26 19:26:30 UTC | 281 | IN | |
2024-04-26 19:26:30 UTC | 696 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.22 | 49166 | 104.17.2.184 | 443 | 3224 | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 19:26:31 UTC | 603 | OUT | |
2024-04-26 19:26:31 UTC | 367 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.22 | 49169 | 104.17.2.184 | 443 | 3224 | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 19:26:31 UTC | 618 | OUT | |
2024-04-26 19:26:32 UTC | 340 | IN | |
2024-04-26 19:26:32 UTC | 1029 | IN | |
2024-04-26 19:26:32 UTC | 1369 | IN | |
2024-04-26 19:26:32 UTC | 1369 | IN | |
2024-04-26 19:26:32 UTC | 1369 | IN | |
2024-04-26 19:26:32 UTC | 1369 | IN | |
2024-04-26 19:26:32 UTC | 1369 | IN | |
2024-04-26 19:26:32 UTC | 1369 | IN | |
2024-04-26 19:26:32 UTC | 1369 | IN | |
2024-04-26 19:26:32 UTC | 1369 | IN | |
2024-04-26 19:26:32 UTC | 1369 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.22 | 49171 | 104.18.3.35 | 443 | 3224 | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 19:27:01 UTC | 669 | OUT | |
2024-04-26 19:27:02 UTC | 180 | IN | |
2024-04-26 19:27:02 UTC | 1189 | IN | |
2024-04-26 19:27:02 UTC | 1369 | IN | |
2024-04-26 19:27:02 UTC | 1369 | IN | |
2024-04-26 19:27:02 UTC | 1369 | IN | |
2024-04-26 19:27:02 UTC | 1369 | IN | |
2024-04-26 19:27:02 UTC | 1369 | IN | |
2024-04-26 19:27:02 UTC | 1369 | IN | |
2024-04-26 19:27:02 UTC | 1369 | IN | |
2024-04-26 19:27:02 UTC | 1369 | IN | |
2024-04-26 19:27:02 UTC | 1369 | IN |
Target ID: | 0 |
Start time: | 21:26:10 |
Start date: | 26/04/2024 |
Path: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13f1c0000 |
File size: | 1'423'704 bytes |
MD5 hash: | 9EE74859D22DAE61F1750B3A1BACB6F5 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 21:26:23 |
Start date: | 26/04/2024 |
Path: | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13f0e0000 |
File size: | 3'151'128 bytes |
MD5 hash: | FFA2B8E17F645BCC20F0E0201FEF83ED |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | false |
Target ID: | 3 |
Start time: | 21:26:24 |
Start date: | 26/04/2024 |
Path: | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13f0e0000 |
File size: | 3'151'128 bytes |
MD5 hash: | FFA2B8E17F645BCC20F0E0201FEF83ED |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | false |